Merge pull request #402 from iiab/master

Sync from iiab:master
2025-03-09 15:40:17 +00:00 · 2020-05-22 10:36:51 -04:00 · 2020-05-22 10:36:51 -04:00 · ad0285298e
commit ad0285298e
parent e62621e2e0 1cc9a0ed4e
45 changed files with 279 additions and 290 deletions
--- a/roles/0-init/defaults/main.yml
+++ b/roles/0-init/defaults/main.yml
@ -1,5 +1,5 @@
 # (PRE-)release version number, for {{ iiab_env_file }} = /etc/iiab/iiab.env
-# iiab_base_ver: 7.0
+# iiab_base_ver: 7.1
 # iiab_revision: 0
 # ABOVE MOVED TO /opt/iiab/iiab/vars/default_vars.yml

@ -14,7 +14,6 @@ discovered_wan_iface: none

 # Old defs
 gui_port: 80
-exFAT_enabled: False
 is_F18: False

 # Set default 1-prep discovered hardware
--- a/roles/0-init/tasks/main.yml
+++ b/roles/0-init/tasks/main.yml
@ -43,30 +43,6 @@
 - name: Pre-check that IIAB's "XYZ_install" + "XYZ_enabled" vars (1) are defined, (2) are boolean-not-string variables, and (3) contain plausible values.  Also checks that "XYZ_install" is True when "XYZ_installed" is defined.
  include_tasks: validate_vars.yml

-# SEE: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
- name: "apache_install is currently '{{ apache_install }}' and apache_enabled is currently '{{ apache_enabled }}'.  Now let's set 'apache_install: True' and 'apache_enabled: True' if NGINX is set not to be enabled OR if any of {Elgg, Lokole, Moodle, Node-RED} are set to install."
-  set_fact:
-    apache_install: True
-    apache_enabled: True
-  when: not nginx_enabled or elgg_install or lokole_install or moodle_install or nodered_install
-#
-#- name: "Verify 'apache_install: True' and 'apache_enabled: True' if any of {DokuWiki, Elgg, Lokole, Moodle, Nextcloud, Node-RED} are set to install"
-#  assert:
-#    that: apache_install and apache_enabled or not (dokuwiki_install or elgg_install or lokole_install or moodle_install or nextcloud_install or nodered_install)
-#    fail_msg: "PLEASE CONFIRM 'apache_install: True' AND 'apache_enable: True' IF YOU'RE TRYING TO INSTALL ANY OF {dokuwiki, elgg, lokole, moodle, nextcloud, nodered} e.g. IN: /etc/iiab/local_vars.yml"
-#    quiet: yes
-#
-#- name: "Verify 'apache_install: True' and 'apache_enabled: True' if 'nginx_enabled: False' -- e.g. for Apache testing of older playbooks lacking full NGINX support"
-#  assert:
-#    that: apache_install and apache_enabled or nginx_enabled
-#    fail_msg: "PLEASE CONFIRM 'apache_install: True' AND 'apache_enable: True' IF 'nginx_enabled: False' e.g. IN: /etc/iiab/local_vars.yml"
-#    quiet: yes
-
- name: Set exFAT_enabled if xo_model != "none"
-  set_fact:
-    exFAT_enabled: True
-  when: xo_model != "none"
-
 # Discover: do we have a gateway?
 # If Ansible detects gateway, becomes WAN candidate.
 - name: "Do we have a gateway? If so set discovered_wan_iface: {{ ansible_default_ipv4.alias }}"
--- a/roles/3-base-server/tasks/main.yml
+++ b/roles/3-base-server/tasks/main.yml
@ -8,10 +8,16 @@
    name: mysql
  when: mysql_install | bool

- name: HTTPD (Apache)
-  include_role:
-    name: httpd
-  when: apache_install | bool
+# 2020-05-21: Apache role 'httpd' is installed as nec by any of these 6 roles:
+#
+#    cups, elgg, lokole, moodle, nodered, phpmyadmin
+#
+# These 14 roles conditionally touch /etc/apache2/sites-available/*.conf files:
+#
+#    awstats, calibre-web, gitea, internetarchive, kalite, kiwix, kolibri,
+#    mediawiki, munin, nextcloud, sugarizer, usb_lib, wordpress, www_options
+#
+# SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/nginx/README.md

 - name: NGINX
  include_role:
--- a/roles/4-server-options/tasks/main.yml
+++ b/roles/4-server-options/tasks/main.yml
@ -41,10 +41,9 @@
    name: samba
  when: samba_install | bool

-# 2020-02-12: what was roles/homepage lives in roles/www_base &
-# roles/www_options for now.  Eventually softcoding of iiab_home_url
-# should happen everywhere (incl Admin Console) to allow more field
-# options, e.g. changing /library/www/html/home even when offline...
+# 2020-02-17: what was roles/homepage lives in roles/www_options.  Eventually
+# softcoding of iiab_home_url should happen everywhere (incl Admin Console) for
+# more field options, e.g. changing /library/www/html/home even when offline...

 - name: WWW_OPTIONS (WWW_BASE should have been installed earlier)
  include_role:
--- a/roles/9-local-addons/tasks/main.yml
+++ b/roles/9-local-addons/tasks/main.yml
@ -30,34 +30,10 @@
    name: calibre-web
  when: calibreweb_install | bool

-# Could split these two below to Stage 10?  2020-02-12: Experimentally moving
-# stuff to roles/3-base-server, 4-server-options, roles/httpd, roles/nginx.
-
-# - name: "Set 'nginx_enabled: True'"
-#   set_fact:
-#     nginx_enabled: True
-#
-# - name: Fully Enable / Configure NGINX (already installed in Stage 3-BASE-SERVER) if 'nginx_enabled' is True
-#   include_role:
-#     name: nginx
-#   when: nginx_enabled | bool    # WAS: nginx_install
-# # If just CONFIGURING (etc) shouldn't we use one of the following instead ??
-# # include_tasks: roles/nginx/tasks/setup.yml
-# # include_tasks: roles/nginx/tasks/enable.yml
-
-# - name: "Set 'apache_enabled: True'"
-#   set_fact:
-#     apache_enabled: True
-#
-# - name: Fully Enable / Configure Apache systemd service ({{ apache_service }}) if 'apache_enabled' is True
-#   include_role:
-#     name: httpd
-#     #name: httpd-enable
-#   when: apache_enabled | bool    # WAS: apache_install
-# # WARNING THAT APACHE IS AUTO-ENABLED BY THESE ~6 APPS ALONE!
-# # https://github.com/holta/iiab/blob/scaff2/roles/0-init/tasks/main.yml#L40-L44
-# # Summarized @ https://github.com/iiab/iiab/blob/master/roles/nginx/README.md
-# # 2020-01-23: APACHE FUTURE SUMMARY QUESTIONS @ roles/httpd/tasks/main.yml
+- name: '2020-05-21: TEMPORARILY INSTALL APACHE UNTIL ADMIN CONSOLE DECLARES (OR REMOVES?) ITS DEPENDENCY within [console : Enable ssl] to avoid error "Neither of apache2ctl nor apachctl found. At least one apache control binary is necessary." -- possibly var adm_cons_force_ssl is still useful here?'
+  package:
+    name: apache2
+  when: admin_console_install | bool

 - name: Recording STAGE 9 HAS COMPLETED ====================
  lineinfile:
--- a/roles/awstats/tasks/install.yml
+++ b/roles/awstats/tasks/install.yml
@ -1,7 +1,7 @@
 # TO DO:
 #
 # - Prepare for a possible future w/o Apache by verifying/refining below...
-#   - 5 'when: apache_install | bool'
+#   - 5 'when: apache_installed is defined'
 #   - 1 'when: nginx_install | bool'
 #   - 8 core stanzas w/o such 'when:' clauses

@ -19,11 +19,11 @@
      - libapache2-mod-authnz-external
      - apache2-utils
    state: present
-  when: apache_install | bool
+  when: apache_installed is defined

 - name: Run 'a2enmod cgi' to enable cgi execution via Apache
  command: a2enmod cgi
-  when: apache_install | bool
+  when: apache_installed is defined

 - name: Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx
  file:
@ -34,7 +34,7 @@
    group: "{{ apache_user }}"
    mode: u+rw,g+r,g-w,o-rwx    # '0750' turned on too many x bits
    #force: yes
-  when: apache_install | bool
+  when: apache_installed is defined

 - name: Create 2 directories... mkdir {{ awstats_data_dir }} (intermediate summary storage) and /usr/lib/cgi-bin/awstats, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx
  file:
@ -53,13 +53,13 @@
  template:
    src: apache-awstats.conf
    dest: "/etc/{{ apache_conf_dir }}/awstats.conf"    # apache2/sites-available on debuntu
-  when: apache_install | bool
+  when: apache_installed is defined

 - name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable
  template:
    src: logrotate.d.apache2
    dest: /etc/logrotate.d/apache2
-  when: apache_install | bool
+  when: apache_installed is defined

 - name: Does /etc/awstats/awstats.conf exist?
  stat:
--- a/roles/calibre-web/tasks/install.yml
+++ b/roles/calibre-web/tasks/install.yml
@ -22,8 +22,8 @@
    mode: '0755'
  with_items:
    - "{{ calibreweb_home }}"         # /library/calibre-web
-    - "{{ calibreweb_venv_path }}"    # /usr/local/calibre-web
    - "{{ calibreweb_config }}"       # /library/calibre-web/config
+    - "{{ calibreweb_venv_path }}"    # /usr/local/calibre-web-py3

 ## TODO: Calibre-web future release might get into pypi https://github.com/janeczku/calibre-web/issues/456
 - name: Clone i.e. download Calibre-Web ({{ calibreweb_version }}) from https://github.com/janeczku/calibre-web.git to {{ calibreweb_venv_path }}
@ -61,7 +61,7 @@
  template:
    src: calibre-web.conf.j2
    dest: "/etc/{{ apache_conf_dir }}/calibre-web.conf"    # apache2/sites-available on debuntu
-  when: apache_install | bool
+  when: apache_installed is defined

 - name: Does /library/calibre-web/metadata.db exist?
  stat:
--- a/roles/captiveportal/README.md
+++ b/roles/captiveportal/README.md
@ -1,3 +1,5 @@
+_Please Also See: http://FAQ.IIAB.IO > ["Captive Portal Administration: What tips & tricks exist?"](http://wiki.laptop.org/go/IIAB/FAQ#Captive_Portal_Administration:_What_tips_.26_tricks_exist.3F)_
+
 ## Theory of Operation

 * The captive portal function is a feature of most modern operating systems. With the increased use of https/ssl (secure sockets layer), the automatic diversion to a specific web page runs the risk of being detected as a "man in the middle" attack.
--- a/roles/cups/tasks/main.yml
+++ b/roles/cups/tasks/main.yml
@ -3,8 +3,20 @@

 # TO DO:
 # - validate input vars + prereqs
-# - move 5 top stanzas into install.yml
-# - move 5-7 next stanzas into enable-or-disable.yml
+# - move ~7 top stanzas into install.yml
+# - move ~7 next stanzas into enable-or-disable.yml
+#   - create /etc/nginx/conf.d/cups-nginx.conf as SHIM to Apache on port 8090 ?
+#   - deprecate ~2 F18 stanzas?
+
+
+- name: "Set 'apache_install: True' and 'apache_enabled: True'"
+  set_fact:
+    apache_install: True
+    apache_enabled: True
+
+- name: APACHE - run 'httpd' role
+  include_role:
+    name: httpd


 - name: Install 'cups' package
--- a/roles/elgg/tasks/install.yml
+++ b/roles/elgg/tasks/install.yml
@ -1,6 +1,20 @@
-# Assume (enforce!) we only get here if elgg_install: True
-# Assume (enforce?) MySQL is running
+- name: "Set 'apache_install: True' and 'apache_enabled: True'"
+  set_fact:
+    apache_install: True
+    apache_enabled: True

+- name: APACHE - run 'httpd' role
+  include_role:
+    name: httpd
+
+# 2020-05-21: Required now that mysql/tasks/install.yml installs
+# "php{{ php_version }}-common" rather than the full "php{{ php_version }}"
+- name: "Install package: libapache2-mod-php{{ php_version }}"
+  package:
+    name: "libapache2-mod-php{{ php_version }}"
+
+# Assume (enforce?) MySQL is running
+#
 # - name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
 #   set_fact:
 #     mysql_install: True
--- a/roles/gitea/tasks/install.yml
+++ b/roles/gitea/tasks/install.yml
@ -97,13 +97,16 @@

 # 4. Create systemd service & prepare Apache for http://box/gitea

- name: "Install from templates: /etc/systemd/system/gitea.service, /etc/apache2/sites-available/gitea.conf"
+- name: "Install from template: /etc/systemd/system/gitea.service"
  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-  with_items:
-    - { src: 'gitea.service.j2', dest: '/etc/systemd/system/gitea.service' }
-    - { src: 'gitea.conf.j2', dest: "/etc/{{ apache_conf_dir }}/gitea.conf" }
+    src: gitea.service.j2
+    dest: /etc/systemd/system/gitea.service
+
+- name: "Install from template: /etc/{{ apache_conf_dir }}/gitea.conf"
+  template:
+    src: gitea.conf.j2
+    dest: "/etc/{{ apache_conf_dir }}/gitea.conf"    # apache2/sites-available
+  when: apache_installed is defined


 # 5. RECORD Gitea AS INSTALLED
--- a/roles/httpd/tasks/install.yml
+++ b/roles/httpd/tasks/install.yml
@ -69,28 +69,6 @@
    - mpm_prefork.load
  when: is_debuntu | bool

-# - name: Remove mpm_event.conf & mpm_event.load symlinks, using a2dissite
-#   command: "a2dissite {{ item }}"
-#   with_items:
-#     - mpm_event.conf
-#     - mpm_event.load
-#   ignore_errors: yes
-#
-# - name: Symlink mpm_prefork.conf & mpm_prefork.load, using a2ensite
-#   command: "a2ensite {{ item }}"
-#   with_items:
-#     - mpm_prefork.conf
-#     - mpm_prefork.load
-
-#- name: 'Turn on mod_proxy using a2enmod with: proxy, proxy_html, headers, rewrite (debuntu)'
-#  command: a2enmod {{ item }}
-#  with_items:
-#    - proxy
-#    - proxy_html
-#    - headers
-#    - rewrite
-#  when: is_debuntu | bool
-
 - name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc--if debuntu)'
  apache2_module:
    name: "{{ item }}"
@ -115,9 +93,9 @@
  file:
    state: directory
    path: "/var/run/{{ apache_user }}"
-    owner: root
-    group: root
-    mode: '0755'
+    #owner: root
+    #group: root
+    #mode: '0755'

 - name: 'Create group: admin'
  group:
@ -131,13 +109,13 @@
    state: present
    createhome: no

- name: Create Apache dir /var/log/{{ apache_service }}
+- name: Create Apache dir /var/log/{{ apache_service }} ({{ apache_user }}:{{ apache_user }})
  file:
    state: directory
    path: "/var/log/{{ apache_service }}"
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
-    mode: '0755'
+    #mode: '0755'


 - name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates
@ -156,15 +134,14 @@
 #   command: a2dissite 010-iiab.conf
 #   when: not apache_enabled

+
 - debug:
    msg: roles/httpd/tasks/homepage.yml will run LATER (invoked by roles/www_options/tasks/main.yml) SO THAT APACHE CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url)
 # - include_tasks: roles/httpd/tasks/homepage.yml

-# - name: Enable & Stop '{{ apache_service }}' systemd service
-#   systemd:
-#     name: "{{ apache_service }}"
-#     enabled: yes
-#     state: stopped
+- name: Run 'systemctl daemon-reload'
+  systemd:
+    daemon_reload: yes


 # RECORD Apache AS INSTALLED
--- a/roles/httpd/tasks/main.yml
+++ b/roles/httpd/tasks/main.yml
@ -31,12 +31,11 @@
  when: apache_installed is undefined


- name: Enable & (Re)Start {{ apache_service }} systemd service, if apache_enabled
+- name: Enable & Start-if-nec {{ apache_service }} systemd service, if apache_enabled
  systemd:
    name: "{{ apache_service }}"
-    daemon_reload: yes
    enabled: yes
-    state: restarted
+    state: started    # No need to restart, as many IIAB apps do that later
  when: apache_enabled | bool

 - name: Disable & Stop {{ apache_service }} systemd service, if not apache_enabled
--- a/roles/internetarchive/tasks/install.yml
+++ b/roles/internetarchive/tasks/install.yml
@ -56,13 +56,16 @@

 # 3. CONFIG FILES

- name: "Install from templates: /etc/systemd/system/internetarchive.service, /etc/{{ apache_conf_dir }}/internetarchive.conf"
+- name: "Install from template: /etc/systemd/system/internetarchive.service"
  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-  with_items:
-    - { src: 'internetarchive.service.j2', dest: '/etc/systemd/system/internetarchive.service' }
-    - { src: 'internetarchive.conf', dest: '/etc/{{ apache_conf_dir }}/internetarchive.conf' }    # apache2/sites-available
+    src: internetarchive.service.j2
+    dest: /etc/systemd/system/internetarchive.service
+
+- name: "Install from template: /etc/{{ apache_conf_dir }}/internetarchive.conf"
+  template:
+    src: internetarchive.conf
+    dest: "/etc/{{ apache_conf_dir }}/internetarchive.conf"    # apache2/sites-available
+  when: apache_installed is defined


 # 4. RECORD Internet Archive AS INSTALLED
--- a/roles/internetarchive/tasks/main.yml
+++ b/roles/internetarchive/tasks/main.yml
@ -51,7 +51,6 @@
  when: internetarchive_installed is undefined and internet_available


-
 # ENABLE/DISABLE/RESTART SYSTEMD SERVICE & WEB SERVERS AS NEC ?

 - name: Enable & Restart 'internetarchive' systemd service, if internetarchive_enabled
@ -69,10 +68,9 @@
    state: stopped
  when: not internetarchive_enabled

-#- name: Enable/Disable/Restart Apache if primary
- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
+- name: Enable/Disable/Restart Apache if primary
  include_tasks: apache.yml
-  #when: not nginx_enabled
+  when: apache_installed is defined and not nginx_enabled

 - name: Enable/Disable/Restart NGINX if primary
  include_tasks: nginx.yml
--- a/roles/kalite/tasks/install.yml
+++ b/roles/kalite/tasks/install.yml
@ -43,18 +43,20 @@
    extra_args: "--no-cache-dir"
  when: internet_available | bool

- name: "Install from template: venv wrapper /usr/bin/kalite, systemd unit file kalite-serve.service, Apache's kalite.conf"
+- name: "Install from templates: venv wrapper /usr/bin/kalite, systemd unit file kalite-serve.service"
  template:
-    backup: no
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
-    owner: root
-    group: root
    mode: "{{ item.mode }}"
  with_items:
-    - { src: 'kalite.sh.j2', dest: '/usr/bin/kalite', mode: '0755'}
-    - { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644'}
-    - { src: 'kalite.conf', dest: '/etc/{{ apache_conf_dir }}', mode: '0644'}
+    - { src: 'kalite.sh.j2', dest: '/usr/bin/kalite', mode: '0755' }
+    - { src: 'kalite-serve.service.j2', dest: '/etc/systemd/system/kalite-serve.service', mode: '0644' }
+
+- name: "Install from template: /etc/{{ apache_conf_dir }}/kalite.conf"
+  template:
+    src: kalite.conf
+    dest: "/etc/{{ apache_conf_dir }}"    # apache2/sites-available on debuntu
+  when: apache_installed is defined

 - name: Fix KA Lite bug in regex parsing ifconfig output, for @m-anish's network names that contain dashes, if Raspbian/Debian < 11 or Ubuntu < 20
  replace:
--- a/roles/kiwix/defaults/main.yml
+++ b/roles/kiwix/defaults/main.yml
@ -26,9 +26,9 @@ kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
 # http://download.kiwix.org/release/kiwix-tools/ ...or sometimes...
 # http://download.kiwix.org/nightly/

-kiwix_version_armhf: kiwix-tools_linux-armhf-3.1.0-2
-kiwix_version_linux64: kiwix-tools_linux-x86_64-3.1.0-2
-kiwix_version_i686: kiwix-tools_linux-i586-3.1.0-2
+kiwix_version_armhf: kiwix-tools_linux-armhf-3.1.1
+kiwix_version_linux64: kiwix-tools_linux-x86_64-3.1.1
+kiwix_version_i686: kiwix-tools_linux-i586-3.1.1

 # kiwix_src_file_i686: "kiwix-linux-i686.tar.bz2"
 # v0.9 for i686 published May 2014 ("use it to test legacy ZIM content")
--- a/roles/kiwix/tasks/install.yml
+++ b/roles/kiwix/tasks/install.yml
@ -100,7 +100,7 @@

 # 4. INSTALL iiab-make-kiwix-lib*, kiwix-serve.service, kiwix.conf for Apache

- name: 'Install from templates: kiwix-serve.service, iiab-make-kiwix-lib, iiab-make-kiwix-lib.py, kiwix.conf'
+- name: 'Install from templates: kiwix-serve.service, iiab-make-kiwix-lib, iiab-make-kiwix-lib.py'
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
@ -109,7 +109,13 @@
    - { src: 'kiwix-serve.service.j2', dest: '/etc/systemd/system/kiwix-serve.service', mode: '0644' }
    - { src: 'iiab-make-kiwix-lib', dest: '/usr/bin/iiab-make-kiwix-lib', mode: '0755' }
    - { src: 'iiab-make-kiwix-lib3.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755' }
-    - { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_conf_dir }}/kiwix.conf', mode: '0644' }
+
+- name: "Install from template: Apache's kiwix.conf"
+  template:
+    src: kiwix.conf.j2
+    dest: "/etc/{{ apache_conf_dir }}/kiwix.conf"
+    #mode: '0644'
+  when: apache_installed is defined


 # 5. RECORD Kiwix AS INSTALLED
--- a/roles/kolibri/tasks/install.yml
+++ b/roles/kolibri/tasks/install.yml
@ -15,31 +15,21 @@
    path: "{{ kolibri_home }}"     # /library/kolibri
    owner: "{{ kolibri_user }}"    # kolibri
    group: "{{ apache_user }}"     # www-data (on Debian/Ubuntu/Raspbian)
-    mode: '0755'

 - name: Create directory /etc/kolibri
  file:
    state: directory
    name: /etc/kolibri
-    # owner: root
-    # group: root
-    # mode: '0755'

 - name: Save kolibri_user ({{ kolibri_user }}) to /etc/kolibri/username
  copy:
    content: "{{ kolibri_user }}"
    dest: /etc/kolibri/username
-    # owner: root
-    # group: root
-    # mode: '0644'

 - name: Save kolibri_home (KOLIBRI_HOME="{{ kolibri_home }}") to /etc/kolibri/daemon.conf
  copy:
    content: 'KOLIBRI_HOME="{{ kolibri_home }}"'
    dest: /etc/kolibri/daemon.conf
-    # owner: root
-    # group: root
-    # mode: '0644'

 - name: apt install latest Kolibri .deb from {{ kolibri_deb_url }} (populates {{ kolibri_home }}, migrates database)    # i.e. /library/kolibri
  apt:
@ -49,16 +39,16 @@
    KOLIBRI_USER: "{{ kolibri_user }}"    # both can't hurt & Might Help Later
  when: internet_available | bool

- name: 'Install from templates: /etc/systemd/system/kolibri.service & /etc/{{ apache_conf_dir }}/kolibri.conf'
+- name: 'Install from template: /etc/systemd/system/kolibri.service'
  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    # owner: root
-    # group: root
-    # mode: '0644'
-  with_items:
-    - { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service' }
-    - { src: 'kolibri.conf.j2', dest: '/etc/{{ apache_conf_dir }}/kolibri.conf' }    # apache2/sites-available
+    src: kolibri.service.j2
+    dest: /etc/systemd/system/kolibri.service
+
+- name: 'Install from template: /etc/{{ apache_conf_dir }}/kolibri.conf'
+  template:
+    src: kolibri.conf.j2
+    dest: "/etc/{{ apache_conf_dir }}/kolibri.conf"    # apache2/sites-available
+  when: apache_installed is defined

 - name: Stop 'kolibri' systemd service, for Kolibri provisioning (after daemon_reload)
  systemd:
--- a/roles/lokole/tasks/install.yml
+++ b/roles/lokole/tasks/install.yml
@ -1,6 +1,17 @@
 # Lokole PDF (User's Guide) gets copied for offline use (http://box/info) here:
 # https://github.com/iiab/iiab/blob/master/roles/httpd/templates/refresh-wiki-docs.sh#L51-L52

+
+- name: "Set 'apache_install: True' and 'apache_enabled: True'"
+  set_fact:
+    apache_install: True
+    apache_enabled: True
+
+- name: APACHE - run 'httpd' role
+  include_role:
+    name: httpd
+
+
 - name: "Install 8 packages for Lokole: python3, python3-pip, python3-venv, python3-dev, python3-bcrypt, libffi-dev, libssl-dev, libopenjp2-7"
  apt:
    name:
--- a/roles/mediawiki/tasks/install.yml
+++ b/roles/mediawiki/tasks/install.yml
@ -80,10 +80,11 @@
    regexp: '^\$wgServer ='
    line: '$wgServer = "//" . $_SERVER["HTTP_HOST"];'

- name: Install /etc/{{ apache_conf_dir }}/mediawiki.conf from template, for http://box{{ mediawiki_url }} via Apache
+- name: 'Install from template: /etc/{{ apache_conf_dir }}/mediawiki.conf -- for http://box{{ mediawiki_url }}'
  template:
    src: mediawiki.conf.j2
-    dest: "/etc/{{ apache_conf_dir }}/mediawiki.conf"    # apache2/sites-available on debuntu
+    dest: "/etc/{{ apache_conf_dir }}/mediawiki.conf"    # apache2/sites-available
+  when: apache_installed is defined


 # RECORD MediaWiki AS INSTALLED
--- a/roles/mongodb/tasks/install.yml
+++ b/roles/mongodb/tasks/install.yml
@ -1,6 +1,6 @@
 # 1. INSTALL MongoDB PACKAGES OR BINARIES

- name: "Install packages: mongodb, mongodb-server (not rpi)"
+- name: "Install packages: mongodb, mongodb-server (not raspbian)"
  package:
    name:
      - mongodb-server
@ -9,8 +9,8 @@
  when: internet_available and not is_raspbian

 # 2019-02-02: Sugarizer with Node.js 10.x requires MongoDB 2.6+ so
-# https://andyfelong.com/2017/08/mongodb-3-0-14-for-raspbian-stretch/
-# is being used on RPi, all I found! (Raspbian's apt pkg is MongoDB 2.4.14)
+# https://andyfelong.com/2017/08/mongodb-3-0-14-for-raspbian-stretch/ is
+# being used on Raspbian, all I found! (Raspbian's apt pkg is MongoDB 2.4.14)
 #
 # mongodb_stretch_3_0_14_core.zip (20M) & mongodb_stretch_3_0_14_tools.zip (15M)
 # were backed up from andyfelong.com to http://download.iiab.io/packages/
@ -18,50 +18,50 @@
 # CLARIF: mongodb_stretch_3_0_14_core.zip IS IN FACT 3.0.14 (core) BUT...
 #         mongodb_stretch_3_0_14_tools.zip IS REALLY 3.0.15 (tools)

- name: Create dir /tmp/mongodb-3.0.1x (rpi)
+- name: Create dir /tmp/mongodb-3.0.1x (raspbian)
  file:
    path: /tmp/mongodb-3.0.1x
    state: directory
  when: internet_available and is_raspbian

- name: Download & unzip 20MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (rpi)
+- name: Download & unzip 20MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_core.zip to /tmp/mongodb-3.0.1x (raspbian)
  unarchive:
    remote_src: yes
    src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip"
    dest: /tmp/mongodb-3.0.1x
  when: internet_available and is_raspbian

- name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (rpi)
+- name: Install (move) its 3 CORE binaries from /tmp/mongodb-3.0.1x/core to /usr/bin (raspbian)
  shell: mv /tmp/mongodb-3.0.1x/core/* /usr/bin
  when: internet_available and is_raspbian

- name: Download & unzip 15MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (rpi)
+- name: Download & unzip 15MB http://download.iiab.io/packages/mongodb_stretch_3_0_14_tools.zip [IN FACT THIS ONE'S 3.0.15] to /tmp/mongodb-3.0.1x (raspbian)
  unarchive:
    remote_src: yes
    src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip"
    dest: /tmp/mongodb-3.0.1x
  when: internet_available and is_raspbian

- name: Install (move) its 9 TOOLS binaries from /opt/iiab/downloads/mongodb-3.0.1x/tools to /usr/bin (rpi)
+- name: Install (move) its 9 TOOLS binaries from /opt/iiab/downloads/mongodb-3.0.1x/tools to /usr/bin (raspbian)
  shell: mv /tmp/mongodb-3.0.1x/tools/* /usr/bin
  when: internet_available and is_raspbian

 # OLD WAY / MUCH SLOWER: had put unnec duplicate copies in /opt/iiab/downloads/mongodb-3.0.1x
 #
-#- name: Create dir /opt/iiab/downloads/mongodb-3.0.1x (rpi)
+#- name: Create dir /opt/iiab/downloads/mongodb-3.0.1x (raspbian)
 #  file:
 #    path: "{{ downloads_dir }}/mongodb-3.0.1x"
 #    state: directory
 #  when: internet_available and is_raspbian
 #
-#- name: Download & unzip MongoDB 3.0.14's 3 core binaries to /opt/iiab/downloads/mongodb-3.0.1x (rpi)
+#- name: Download & unzip MongoDB 3.0.14's 3 core binaries to /opt/iiab/downloads/mongodb-3.0.1x (raspbian)
 #  unarchive:
 #    remote_src: yes
 #    src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_core.zip"
 #    dest: "{{ downloads_dir }}/mongodb-3.0.1x"
 #  when: internet_available and is_raspbian
 #
-#- name: Install (copy) 3 binaries from /opt/iiab/downloads/mongodb-3.0.1x/core to /usr/bin (rpi)
+#- name: Install (copy) 3 binaries from /opt/iiab/downloads/mongodb-3.0.1x/core to /usr/bin (raspbian)
 #  copy:
 #    src: "{{ item }}"
 #    dest: /usr/bin
@ -69,14 +69,14 @@
 #    - "{{ downloads_dir }}/mongodb-3.0.1x/core/*"
 #  when: internet_available and is_raspbian
 #
-#- name: Download & unzip MongoDB 3.0.15's 9 tools binaries to /opt/iiab/downloads/mongodb-3.0.1x (rpi)
+#- name: Download & unzip MongoDB 3.0.15's 9 tools binaries to /opt/iiab/downloads/mongodb-3.0.1x (raspbian)
 #  unarchive:
 #    remote_src: yes
 #    src: "{{ iiab_download_url }}/mongodb_stretch_3_0_14_tools.zip"
 #    dest: "{{ downloads_dir }}/mongodb-3.0.1x"
 #  when: internet_available and is_raspbian
 #
-#- name: Install (copy) 9 binaries from /opt/iiab/downloads/mongodb-3.0.1x/tools to /usr/bin (rpi)
+#- name: Install (copy) 9 binaries from /opt/iiab/downloads/mongodb-3.0.1x/tools to /usr/bin (raspbian)
 #  copy:
 #    src: "{{ item }}"
 #    dest: /usr/bin
@ -84,13 +84,13 @@
 #    - "{{ downloads_dir }}/mongodb-3.0.1x/tools/*"
 #  when: internet_available and is_raspbian

- name: Create Linux group mongodb (rpi)
+- name: Create Linux group mongodb (raspbian)
  group:
    name: mongodb
    state: present
  when: is_raspbian | bool

- name: Create Linux user mongodb (rpi)
+- name: Create Linux user mongodb (raspbian)
  user:
    name: mongodb
    group: mongodb    # primary group
--- a/roles/moodle/tasks/install.yml
+++ b/roles/moodle/tasks/install.yml
@ -1,3 +1,13 @@
+- name: "Set 'apache_install: True' and 'apache_enabled: True'"
+  set_fact:
+    apache_install: True
+    apache_enabled: True
+
+- name: APACHE - run 'httpd' role
+  include_role:
+    name: httpd
+
+
 - name: "Set 'postgresql_install: True' and 'postgresql_enabled: True'"
  set_fact:
    postgresql_install: True
--- a/roles/munin/tasks/install.yml
+++ b/roles/munin/tasks/install.yml
@ -17,16 +17,16 @@
    state: present
  when: not is_debuntu

- name: Install /etc/munin/munin.conf and Apache's munin24.conf, from templates
+- name: 'Install from template: /etc/munin/munin.conf'
  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    # owner: root
-    # group: root
-    # mode: 0644
-  with_items:
-    - { src: 'munin.conf.j2', dest: '/etc/munin/munin.conf' }
-    - { src: 'munin24.conf.j2', dest: '/etc/{{ apache_conf_dir }}/munin24.conf' }
+    src: munin.conf.j2
+    dest: /etc/munin/munin.conf
+
+- name: 'Install from template: /etc/{{ apache_conf_dir }}/munin24.conf'
+  template:
+    src: munin24.conf.j2
+    dest: "/etc/{{ apache_conf_dir }}/munin24.conf"    # apache2/sites-available
+  when: apache_installed is defined

 - name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd
  htpasswd:
--- a/roles/mysql/tasks/install.yml
+++ b/roles/mysql/tasks/install.yml
@ -1,7 +1,6 @@
-# Stanzas as of 2020-02-04:
+# Stanzas as of 2020-05-21:
 #
-# - 4 base install
-#   - Remove the last 3 above, as CentOS & Fedora no longer supported ?
+# - 1 base install
 # - 6 double timeout for slow CPUs
 # - 7 DB config
 # - 2 record as installed
@ -11,7 +10,8 @@
    name:
      - mariadb-server
      - mariadb-client
-      - php{{ php_version }}
+      # - php{{ php_version }}    # On Ubuntu 20.04 (and prob other OS's) this forces the install of: apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php{{ php_version }} ETC
+      - php{{ php_version }}-common    # 2020-05-21: @jvonau suggests this to avoid Apache above.  Or its superset php{{ php_version }}-cli if absolutely nec?
      - php{{ php_version }}-mysql
      - php-pear
      - php{{ php_version }}-gd
@ -23,41 +23,28 @@
    state: present
  when: is_debuntu | bool

-# - name: Install package 'php{{ php_version }}-xml' (debuntu)    # WAS: (ubuntu or debian 9+)
+# - name: "Install packages: mysql, MySQL-python and 9 php packages (OS's other than debuntu)"
 #   package:
-#     name: "php{{ php_version }}-xml"
+#     name:
+#       - MySQL-python
+#       - mysql
+#       - php
+#       - php-mysql
+#       - php-pear
+#       - php-gd
+#       - php-imap
+#       - php-ldap
+#       - php-odbc
+#       - php-xml
+#       - php-xmlrpc
 #     state: present
-#   when: is_debuntu | bool
-#   #when: is_ubuntu or (is_debian and not is_debian_8)
-
-#- name: Install php-xml-parser (debian-8)
-#  package:
-#    name: php-xml-parser
-#    state: present
-#  when: is_debian_8 | bool
-
- name: "Install packages: mysql, MySQL-python and 9 php packages (OS's other than debuntu)"
-  package:
-    name:
-      - MySQL-python
-      - mysql
-      - php
-      - php-mysql
-      - php-pear
-      - php-gd
-      - php-imap
-      - php-ldap
-      - php-odbc
-      - php-xml
-      - php-xmlrpc
-    state: present
-  when: not is_debuntu
-
- include_tasks: centos.yml
-  when: ansible_distribution == "CentOS"
-
- include_tasks: fedora.yml
-  when: ansible_distribution == "Fedora"
+#   when: not is_debuntu
+#
+# - include_tasks: centos.yml
+#   when: ansible_distribution == "CentOS"
+#
+# - include_tasks: fedora.yml
+#   when: ansible_distribution == "Fedora"


 # 2019-07-03 @jvonau @holta: the next 50 lines (6 stanzas) double MariaDB's
--- a/roles/nextcloud/tasks/install.yml
+++ b/roles/nextcloud/tasks/install.yml
@ -109,7 +109,7 @@
  template:
    src: nextcloud.conf.j2
    dest: "/etc/{{ apache_conf_dir }}/nextcloud.conf"    # apache2/sites-available on debuntu
-  when: apache_install | bool
+  when: apache_installed is defined


 # RECORD Nextcloud AS INSTALLED
--- a/roles/nginx/README.md
+++ b/roles/nginx/README.md
@ -10,7 +10,7 @@

 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.

-3. Current state of IIAB App/Service migrations as of 2020-04-29:
+3. Current state of IIAB App/Service migrations as of 2020-05-21:

   1. These support "Native" NGINX but ***NOT*** Apache
      * Admin Console
@ -20,7 +20,7 @@
      * OER2Go/RACHEL modules
      * usb_lib

-   2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!)  Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service.  But if you want to attempt their "Shim" proxying legacy testing mode, change your *primary web server* over to Apache by setting `nginx_enabled: False` in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) (which will [auto-enable Apache](../0-init/tasks/main.yml#L47-L51) for your testing).
+   2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!)  Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service.  But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) before you install IIAB.  You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from [roles/3-base-server/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml)
      * awstats
      * calibre-web
      * gitea
@ -32,7 +32,8 @@
      * sugarizer
      * wordpress

-   3. These support Apache but ***NOT*** "Native" NGINX.  They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090.  See [roles/0-init/tasks/main.yml#L47-L51](../0-init/tasks/main.yml#L47-L51) for a list of these IIAB Apps/Services, that auto-enable Apache.
+   3. These support Apache but ***NOT*** "Native" NGINX.  They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090.  See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of IIAB Apps/Services that auto-enable Apache.
+      * cups [*, shim not yet in place.]
      * elgg
      * lokole
      * moodle
@ -45,6 +46,7 @@
      * minetest [*]
      * openvpn
      * pbx [*]
+      * phpmyadmin [*, requires Apache for now, as in Section 3.]
      * transmission [*]

-[*] The 4 above starred roles could use improvement, as of 2020-04-29.
+[*] The 6 above starred roles could use improvement, as of 2020-05-21.
--- a/roles/nginx/tasks/enable-or-disable.yml
+++ b/roles/nginx/tasks/enable-or-disable.yml
@ -1,7 +1,9 @@
- name: Ensure that Apache (({{ apache_service }})) is not running -- we may need port swap
+- name: Ensure that Apache ({{ apache_service }}) is not running -- we may need port swap
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
    state: stopped
+  ignore_errors: yes
+  # 'when: apache_installed is defined' might also work, as mysql's php no longer installs apache2 (but 'ignore_errors: yes' remains safer!)

 - name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only
  template:
@ -15,13 +17,13 @@
    dest: "/etc/{{ apache_service }}/ports.conf"
  when: not nginx_enabled

- name: Enable & Restart '{{ apache_service }}' if apache_enabled or not nginx_enabled, since we stopped it
+- name: Enable & Restart '{{ apache_service }}' if Apache is installed and enabled, since we stopped it
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
    daemon_reload: yes
    state: restarted
    enabled: true
-  when: apache_enabled or not nginx_enabled
+  when: apache_installed is defined and apache_enabled    # or not nginx_enabled


 - name: Enable & (Re)Start 'nginx' systemd service, if nginx_enabled
--- a/roles/nginx/tasks/install.yml
+++ b/roles/nginx/tasks/install.yml
@ -1,18 +1,9 @@
-# This stanza can likely be removed later in 2020:
- name: 'Remove legacy files if present: /etc/systemd/system/uwsgi.service, {{ nginx_conf_dir }}/usb-lib.conf, {{ nginx_conf_dir }}/modules.conf'
-  file:
-    path: "{{ item.path }}"
-    state: absent
-  with_items:
-    - { path: "/etc/systemd/system/uwsgi.service" }
-    - { path: "{{ nginx_conf_dir }}/usb-lib.conf" }
-    - { path: "{{ nginx_conf_dir }}/modules.conf" }
-
 - name: Stop '{{ apache_service }}' systemd service
  systemd:
    name: "{{ apache_service }}"    # apache2 or httpd, per /opt/iiab/iiab/vars/<OS>.yml
    state: stopped
  ignore_errors: yes
+  # 'when: apache_installed is defined' insuff b/c mysql's php installs apache2

 - name: Install required and helper packages for NGINX
  package:
--- a/roles/nodered/tasks/install.yml
+++ b/roles/nodered/tasks/install.yml
@ -1,3 +1,13 @@
+- name: "Set 'apache_install: True' and 'apache_enabled: True'"
+  set_fact:
+    apache_install: True
+    apache_enabled: True
+
+- name: APACHE - run 'httpd' role
+  include_role:
+    name: httpd
+
+
 # 2019-01-16: @jvonau's PR #1403 moved installation of Node.js (8.x for now) &
 # npm to roles/nodejs/tasks/main.yml

--- a/roles/phpmyadmin/tasks/main.yml
+++ b/roles/phpmyadmin/tasks/main.yml
@ -1,3 +1,13 @@
+- name: "Set 'apache_install: True' and 'apache_enabled: True'"
+  set_fact:
+    apache_install: True
+    apache_enabled: True
+
+- name: APACHE - run 'httpd' role
+  include_role:
+    name: httpd
+
+
 - name: Download {{ iiab_download_url }}/{{ phpmyadmin_name_zip }} to {{ downloads_dir }}
  get_url:
    url: "{{ iiab_download_url }}/{{ phpmyadmin_name_zip }}"
@ -49,7 +59,7 @@
  template:
    src: phpmyadmin.j2
    dest: "/etc/{{ apache_conf_dir }}/phpmyadmin.conf"
-  when: apache_install | bool
+  when: apache_installed is defined


 # RECORD phpMyAdmin AS INSTALLED
@ -67,11 +77,11 @@

 - name: Enable phpMyAdmin via Apache, if phpmyadmin_enabled
  command: a2ensite phpmyadmin.conf
-  when: apache_install and phpmyadmin_enabled
+  when: apache_installed is defined and phpmyadmin_enabled

 - name: Disable phpMyAdmin via Apache, if not phpmyadmin_enabled
  command: a2dissite phpmyadmin.conf
-  when: apache_install and not phpmyadmin_enabled
+  when: apache_installed is defined and not phpmyadmin_enabled


 - name: Add 'phpmyadmin' variable values to {{ iiab_ini_file }}
--- a/roles/sugarizer/tasks/install.yml
+++ b/roles/sugarizer/tasks/install.yml
@ -148,18 +148,16 @@

 # 5. CONFIG FILES

- name: "Install from templates: /etc/systemd/system/sugarizer.service, /etc/apache2/sites-available/sugarizer.conf"
+- name: "Install from template: /etc/systemd/system/sugarizer.service"
  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    # owner: root
-    # group: root
-    # mode: '0644'
-  with_items:
-    - { src: 'sugarizer.service', dest: '/etc/systemd/system/sugarizer.service' }
-    - { src: 'sugarizer.conf.j2', dest: "/etc/{{ apache_conf_dir }}/sugarizer.conf" }
-    #- { src: 'sugarizer.ini.j2', dest: '{{ iiab_base }}/sugarizer-server/env/sugarizer.ini' }
-    #- { src: 'sugarizer.js', dest: '{{ iiab_base }}/sugarizer-server' }
+    src: sugarizer.service
+    dest: /etc/systemd/system
+
+- name: "Install from template: /etc/{{ apache_conf_dir }}/sugarizer.conf"
+  template:
+    src: sugarizer.conf.j2
+    dest: "/etc/{{ apache_conf_dir }}/sugarizer.conf"    # apache2/sites-available
+  when: apache_installed is defined

 # 3 [WAS 4] STANZAS ADDED BELOW JAN/FEB 2019, HOPING THIS MIGHT "JUST WORK"
 # WITH FUTURE UPGRADES BEYOND SUGARIZER 1.1?!
--- a/roles/usb_lib/tasks/apache.yml
+++ b/roles/usb_lib/tasks/apache.yml
@ -0,0 +1,12 @@
+- name: Enable http://box/usb via Apache
+  command: a2ensite content_dir.conf
+  when: usb_lib_enabled | bool
+
+- name: Disable http://box/usb via Apache
+  command: a2dissite content_dir.conf
+  when: not usb_lib_enabled
+
+- name: (Re)Start '{{ apache_service }}' systemd service
+  systemd:
+    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
+    state: restarted
--- a/roles/usb_lib/tasks/install.yml
+++ b/roles/usb_lib/tasks/install.yml
@ -28,7 +28,7 @@
  template:
    src: content_dir.conf
    dest: "/etc/{{ apache_conf_dir }}"    # apache2/sites-available on debuntu
-  when: apache_install
+  when: apache_installed is defined


 # RECORD 'USB_LIB' AS INSTALLED
--- a/roles/usb_lib/tasks/main.yml
+++ b/roles/usb_lib/tasks/main.yml
@ -30,7 +30,13 @@
  when: usb_lib_installed is undefined


- include_tasks: enable-or-disable.yml
+- name: Enable/Disable/Restart Apache if primary
+  include_tasks: apache.yml
+  when: not nginx_enabled
+
+- name: Enable/Disable/Restart NGINX if primary
+  include_tasks: nginx.yml
+  when: nginx_enabled | bool


 - name: Put variable in iiab.env that enables display of content at root of USB
--- a/roles/usb_lib/tasks/enable-or-disable.yml
+++ b/roles/usb_lib/tasks/enable-or-disable.yml
@ -28,10 +28,7 @@
    state: absent
  when: not usb_lib_enabled

- name: Enable http://box/usb via Apache, if usb_lib_enabled
-  command: a2ensite content_dir.conf
-  when: apache_install and usb_lib_enabled
-
- name: Disable http://box/usb via Apache, if not usb_lib_enabled
-  command: a2dissite content_dir.conf
-  when: apache_install and not usb_lib_enabled
+- name: Restart 'nginx' systemd service
+  systemd:
+    name: nginx
+    state: restarted
--- a/roles/wordpress/tasks/install.yml
+++ b/roles/wordpress/tasks/install.yml
@ -89,7 +89,7 @@
  template:
    src: wordpress.conf.j2
    dest: "/etc/{{ apache_conf_dir }}/wordpress.conf"
-  when: apache_enabled | bool
+  when: apache_installed is defined


 # RECORD WordPress AS INSTALLED
--- a/roles/www_base/files/html/js/nacl-fast.min.js
+++ b/roles/www_base/files/html/js/nacl-fast.min.js
--- a/roles/www_base/files/html/js/nacl-util.min.js
+++ b/roles/www_base/files/html/js/nacl-util.min.js
@ -0,0 +1 @@
+!function(e,n){"use strict";"undefined"!=typeof module&&module.exports?module.exports=n():(e.nacl||(e.nacl={}),e.nacl.util=n())}(this,function(){"use strict";var e={};function o(e){if(!/^(?:[A-Za-z0-9+\/]{2}[A-Za-z0-9+\/]{2})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/.test(e))throw new TypeError("invalid encoding")}return e.decodeUTF8=function(e){if("string"!=typeof e)throw new TypeError("expected string");var n,r=unescape(encodeURIComponent(e)),t=new Uint8Array(r.length);for(n=0;n<r.length;n++)t[n]=r.charCodeAt(n);return t},e.encodeUTF8=function(e){var n,r=[];for(n=0;n<e.length;n++)r.push(String.fromCharCode(e[n]));return decodeURIComponent(escape(r.join("")))},"undefined"==typeof atob?void 0!==Buffer.from?(e.encodeBase64=function(e){return Buffer.from(e).toString("base64")},e.decodeBase64=function(e){return o(e),new Uint8Array(Array.prototype.slice.call(Buffer.from(e,"base64"),0))}):(e.encodeBase64=function(e){return new Buffer(e).toString("base64")},e.decodeBase64=function(e){return o(e),new Uint8Array(Array.prototype.slice.call(new Buffer(e,"base64"),0))}):(e.encodeBase64=function(e){var n,r=[],t=e.length;for(n=0;n<t;n++)r.push(String.fromCharCode(e[n]));return btoa(r.join(""))},e.decodeBase64=function(e){o(e);var n,r=atob(e),t=new Uint8Array(r.length);for(n=0;n<r.length;n++)t[n]=r.charCodeAt(n);return t}),e});
--- a/roles/www_base/tasks/main.yml
+++ b/roles/www_base/tasks/main.yml
@ -1,7 +1,5 @@
 # Role "www_base" runs here, probably in 3-BASE-SERVER.
 # Role "www_options" runs later, likely in 4-SERVER-OPTIONS.
-#
-# (Don't take either name too literally!)

 - name: Using html.yml
  include_tasks: html.yml
@ -15,7 +13,6 @@
    path: "{{ doc_root }}/home"    # /library/www/html
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
-    # mode: '0755'

 - name: Create dir {{ doc_root }}/info for http://box/info offline docs
  file:
@ -23,7 +20,6 @@
    path: "{{ doc_root }}/info"    # /library/www/html
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
-    # mode: '0755'

 - name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation.  (Script can be run manually and/or at the end of Stage 4 = roles/4-server-options/tasks/main.yml)
  template:
--- a/roles/www_options/tasks/main.yml
+++ b/roles/www_options/tasks/main.yml
@ -1,7 +1,5 @@
 # Role "www_base" runs earlier, likely in 3-BASE-SERVER.
 # Role "www_options" runs here, probably in 4-SERVER-OPTIONS.
-#
-# (Don't take either name too literally!)


 # HOMEPAGE
@ -17,12 +15,13 @@
 # Used to be run by httpd/tasks/install.yml
 - name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install"
  include_tasks: roles/httpd/tasks/homepage.yml
-  when: apache_install | bool
+  when: apache_installed is defined

 # Used to be run by nginx/tasks/install.yml
 - name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install
  include_tasks: roles/nginx/tasks/homepage.yml
-  when: nginx_install | bool
+  when: nginx_installed is defined
+  #when: nginx_install | bool

 - debug:
    msg: 'THE 3 ANSIBLE STANZAS BELOW ONLY RUN... when: (nginx_high_php_limits or moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled'
@ -102,11 +101,11 @@
  when: internet_available and not nodocs


- name: (Re)Start '{{ apache_service }}' systemd service, if apache_enabled
+- name: (Re)Start '{{ apache_service }}' systemd service, if installed & enabled
  systemd:
    name: "{{ apache_service }}"    # apache2 on debuntu
    state: restarted
-  when: apache_enabled | bool
+  when: apache_installed is defined and apache_enabled

 - name: (Re)Start 'nginx' systemd service, if nginx_enabled
  systemd:
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@ -223,19 +223,15 @@ pi_swap_file_size: 1024

 # 2-COMMON

-# Auto-enabled in roles/2-common/tasks/packages.yml as set in
-# 0-init/defaults/main.yml AND 0-init/tasks/main.yml :
-exFAT_enabled: True
-
 # /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local
 # It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2.


 # 3-BASE-SERVER

-# 2020-01-22: Both vars unused.  SEE ABOVE js_menu_install.
-admin_console_install: True
-admin_console_enabled: True
+# 2020-01-22: See also js_menu_install (above).
+admin_console_install: True    # For now in roles/9-local-addons/tasks/main.yml
+admin_console_enabled: True    # Not in active use as of 2020-05-21

 # MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml
 mysql_install: True
@ -259,16 +255,22 @@ nginx_high_php_limits: False
 # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L67
 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini

+# Make this False to disable http://box/common/services/power_off.php button:
+apache_allow_sudo: True
+
 # See also Apache vars {default_language, language_priority} @ top of this file
+#
+# 2020-05-21: apache_install is completely ignored as Apache is installed on
+# demand as a dependency -- by CUPS, Elgg, Lokole, Moodle, Node-RED and/or
+# phpMyAdmin -- but for now we set fake value 'apache_install: True' so that
+# 'apache_installed is defined' input validation works, e.g. in
+# 0-init/tasks/validate_vars.yml
 apache_install: True
 apache_enabled: False
 #
 # NGINX proxies to Apache for legacy IIAB services, using:
 apache_port: 8090
 apache_interface: 127.0.0.1    # 2020-01-13: Var unused
-#
-# Make this False to disable http://box/common/services/power_off.php button:
-apache_allow_sudo: True


 # 4-SERVER-OPTIONS
--- a/vars/local_vars_big.yml
+++ b/vars/local_vars_big.yml
@ -138,9 +138,6 @@ pi_swap_file_size: 1024

 # 2-COMMON

-# exFAT_enabled: True is auto-enabled in roles/2-common/tasks/packages.yml
-# as set in 0-init/defaults/main.yml AND 0-init/tasks/main.yml
-
 # /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local
 # It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2.

--- a/vars/local_vars_medium.yml
+++ b/vars/local_vars_medium.yml
@ -138,9 +138,6 @@ pi_swap_file_size: 1024

 # 2-COMMON

-# exFAT_enabled: True is auto-enabled in roles/2-common/tasks/packages.yml
-# as set in 0-init/defaults/main.yml AND 0-init/tasks/main.yml
-
 # /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local
 # It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2.

--- a/vars/local_vars_min.yml
+++ b/vars/local_vars_min.yml
@ -138,9 +138,6 @@ pi_swap_file_size: 1024

 # 2-COMMON

-# exFAT_enabled: True is auto-enabled in roles/2-common/tasks/packages.yml
-# as set in 0-init/defaults/main.yml AND 0-init/tasks/main.yml
-
 # /usr/libexec/iiab-startup.sh is much like autoexec.bat & /etc/rc.local
 # It's put in place by 2-common/tasks/iiab-startup.yml at the end of Stage 2.
				`@ -0,0 +1 @@`
				!function(e,n){"use strict";"undefined"!=typeof module&&module.exports?module.exports=n():(e.nacl\|\|(e.nacl={}),e.nacl.util=n())}(this,function(){"use strict";var e={};function o(e){if(!/^(?:[A-Za-z0-9+\/]{2}[A-Za-z0-9+\/]{2})*(?:[A-Za-z0-9+\/]{2}==\|[A-Za-z0-9+\/]{3}=)?$/.test(e))throw new TypeError("invalid encoding")}return e.decodeUTF8=function(e){if("string"!=typeof e)throw new TypeError("expected string");var n,r=unescape(encodeURIComponent(e)),t=new Uint8Array(r.length);for(n=0;n<r.length;n++)t[n]=r.charCodeAt(n);return t},e.encodeUTF8=function(e){var n,r=[];for(n=0;n<e.length;n++)r.push(String.fromCharCode(e[n]));return decodeURIComponent(escape(r.join("")))},"undefined"==typeof atob?void 0!==Buffer.from?(e.encodeBase64=function(e){return Buffer.from(e).toString("base64")},e.decodeBase64=function(e){return o(e),new Uint8Array(Array.prototype.slice.call(Buffer.from(e,"base64"),0))}):(e.encodeBase64=function(e){return new Buffer(e).toString("base64")},e.decodeBase64=function(e){return o(e),new Uint8Array(Array.prototype.slice.call(new Buffer(e,"base64"),0))}):(e.encodeBase64=function(e){var n,r=[],t=e.length;for(n=0;n<t;n++)r.push(String.fromCharCode(e[n]));return btoa(r.join(""))},e.decodeBase64=function(e){o(e);var n,r=atob(e),t=new Uint8Array(r.length);for(n=0;n<r.length;n++)t[n]=r.charCodeAt(n);return t}),e});